Vulnerability Intelligence


How It Works and How It's Used


Intelligence vs. Information 


Intelligence is information that has been analyzed 


Intelligence provides informative insights 


Collecting, processing, analyzing information


INFORMATION: Data meets some goal or purpose


The problem is not to find something … But to understand something 


Source: Multiple 
Vulnerability Intelligence


Identifies the Vulnerabilities with 
the greatest impact on risk. 


Proactive vs reactive. 
Pertains to a specific environment. 


Prioritizes vulnerability workflow. 


We need to think about... 


Threats and 
Vulnerabilities 


Visibility with Technology 
Situation
Vulnerabilities/ 
Remediation 


Information Overload 




1. 19,299 vulnerabilities on 698 servers (2015)
2. Average Resolution 44.2 days
3. High numbers
4. Overwhelmed Staff
5. VM became a low priority
6. Can we be more proactive?
Objectives


Discover and Prioritize by Criticality 


Effective Vulnerability Management Assesses the Risk


Verified and Reliable Data


Timely and Actionable
Technology


Cloud Agent & Threat Protect 


Qualys Cloud Agent 


Produces real-time data that is more
reliable than traditional scanning.


More visibility into systems for 
troubleshooting, services running, user 
accounts, open ports, software and 
version number 


Cloud Agent 
Continuous Visibility and Real-Time Vulnerability Management:


Continuous Data Collection 


Eliminates scanning windows


Real-time tracking


Endpoint Visibility of Operating System,
Applications and Certificate.
Qualys Threat Protect


Real-Time Indicators (RTIs) are data
points collected per vulnerability.


It is accurate, timely and actionable
information to help prioritize and shrink
the flood of vulnerabilities reported.


Threat Protect 
Identify & Weigh Characteristics
that Intensify a Vulnerability's Danger:


Vulnerabilities that are not very critical 
can be dealt with in due course. 


Know the assets with the most risk. 


Prioritize based on criticality. 


HOSTS WITH ACTIVE SEV 5 VULNERABILITIES WITH AVAILABLE EXPLOIT


Understand the associations across
vulnerabilities to know the impact of a
threat.


Results 
Vulnerabilities/ 
Remediation 


Intelligence Leveraged 


Average Resolution Time Dropped from 2015 to 2017 


1. 21,409 vulnerabilities on 775 servers (2017).
2. Average Resolution 21.5 days.
3. Higher numbers than 2015.
4. Removal of Secondary Scanner Appliance (Nessus).
5. Priorities defined by risk.
6. Transitioned from reactive to proactive!
Actionable Vulnerability Information
Dashboard Feed Assets


Live Feed


Saved Searches


Search 
Asset Summary
System Information 
Agent Summary 
Network Information 
Open Ports 
Installed Software 
Vulnerabilities 


ThreatPROTECT RTIs 


Alert Notifications 


Total Vulnerabilities by RTIs 
LATEST THREATS FROM LIVE FEED


Title 

PoC Exploit available for CVE-2017-8541 

PoC Exploit available for CVE-2017-8540 

PoC Exploit available for CVE-2017-8538 

PoC Exploit available for CVE-2017-8535 

PoC Exploit available for CVE-2017-8536 

PoC Exploit available for CVE-2017-8537 

Intel Active Management Technology (AMT) Privilege Escalation Vulnerability 
CVE-2017-5689: Intel Elevation Of Privilege Vulnerability 

PoC Exploit available for CVE-2017-0290 
Qualys Asset Inventory


Accurate server inventory with detailed 
and continuous hardware and software 
visibility. 


Timely and actionable information to 
help prioritize decision making regarding 
EOL software and hardware. 


Asset Inventory 
Enable Efficiency Across IT and
Security with Up to Date Continuous
Visibility


Replaces manual procurement collection
efforts.


Identify and know the assets on your network
by functional category.


Prioritize replacing EOL hardware and
software licensing with easy and efficient
decision making.


Beta testing at Montana State University by
Technical Leads in Distributed IT Units.


Could this improve the existing
Server Inventory?


Tester Comment: "I think it goes
without saying this would be a
huge improvement. The current
Server Inventory is not easy to
use and its function is generally
a mystery to end users."
Constantine Vorobetz
@qualys.com 


